Analysis
max time kernel: 150s
max time network: 122s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 02-02-2024 22:38

Static task: static1 (1 signature)

Behavioral task: behavioral1
  Sample: 8ab6c973bc2753cfc722823f6fc9b9bc.exe
  Resource: win7-20231215-en (windows7-x64)
  6 signatures, 150 seconds

Behavioral task: behavioral2
  Sample: 8ab6c973bc2753cfc722823f6fc9b9bc.exe
  Resource: win10v2004-20231222-en (windows10-2004-x64)
  6 signatures, 150 seconds
General
Target: 8ab6c973bc2753cfc722823f6fc9b9bc.exe
Size: 157KB
MD5: 8ab6c973bc2753cfc722823f6fc9b9bc
SHA1: 130fa264f682270b53c8e49d10ea84c7d383ee65
SHA256: 75c242c688216f9d653a718667adaec3387d5771d4f1c8662cce5543a09fbbe0
SHA512: 67446cb0e75ba732e4fcb3863bef0cbf9eb4c648f85dd3164d0fb61b8653ed04882c4dbc753211669b506742331f09534cb3f185684fe2793a1ea8dbc82a04c8
SSDEEP: 3072:hHvUBd7vQzU8Km1vdefjm92t1AW58Jre1pgSLpwhbOF7v8qeWa:hPUB1Qz7vimU75COKSLpwhbev83
Score: 6/10
Malware Config
Signatures (behavioral1, Windows 7 x64; all events come from PID 1428, 8ab6c973bc2753cfc722823f6fc9b9bc.exe)

Adds Run key to start application (2 TTPs, 1 IoC)
  Set value (str): \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Windows\CurrentVersion\Run\4ECYTQ9SIC = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8ab6c973bc2753cfc722823f6fc9b9bc.exe"
  Process: 8ab6c973bc2753cfc722823f6fc9b9bc.exe
  Note: the value name is a random-looking string and the command points back at the sample's own copy in the user's Temp directory, so the sample persists itself from a user-writable location without needing elevation.

Drops file in Windows directory (2 IoCs)
  File created: C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
  File opened for modification: C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
  Process: 8ab6c973bc2753cfc722823f6fc9b9bc.exe
  Note: C:\Windows\Tasks holds Task Scheduler 1.0 (.job) entries, so this is a second, scheduled-task persistence mechanism alongside the Run key.

Modifies Internet Explorer settings (2 IoCs; signature name restored from the process tree, the header was lost in extraction)
  Key created: \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\International
  Key created: \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main
  Process: 8ab6c973bc2753cfc722823f6fc9b9bc.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid 1428, 8ab6c973bc2753cfc722823f6fc9b9bc.exe (the same process, listed 64 times)

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid 1428, 8ab6c973bc2753cfc722823f6fc9b9bc.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
  pid 1428, 8ab6c973bc2753cfc722823f6fc9b9bc.exe (listed twice)
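The two persistence mechanisms above are the findings an analyst would pull out of this report first. The following Python is an added example, not the sandbox's own tooling and not code from the report: it replays the IoC lines above (constructed inline from the signature table), extracts the Run value and the .job drop, checks whether the autostart command points at a user-writable path and at the sample itself, and tags each finding with an ATT&CK technique. The ATT&CK mapping and the user-writable-directory heuristic are this example's own assumptions.

```python
"""Persistence triage over sandbox IoC lines.

Added example for this report; it is not the sandbox's own tooling. The
events below are constructed from the report's signature table, and the
ATT&CK mapping and the path heuristics are this example's own assumptions.
"""
import re
from dataclasses import dataclass

# Constructed from the IoC table: (event type, ioc, process).
SAMPLE_EVENTS = [
    ("Set value (str)",
     r'\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000'
     r'\Software\Microsoft\Windows\CurrentVersion\Run\4ECYTQ9SIC = '
     r'"C:\\Users\\Admin\\AppData\\Local\\Temp\\8ab6c973bc2753cfc722823f6fc9b9bc.exe"',
     "8ab6c973bc2753cfc722823f6fc9b9bc.exe"),
    ("File created",
     r"C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job",
     "8ab6c973bc2753cfc722823f6fc9b9bc.exe"),
    ("File opened for modification",
     r"C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job",
     "8ab6c973bc2753cfc722823f6fc9b9bc.exe"),
    ("Key created",
     r"\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000"
     r"\Software\Microsoft\Internet Explorer\Main",
     "8ab6c973bc2753cfc722823f6fc9b9bc.exe"),
]

# '<key>\<value name> = "<data>"' is how the sandbox renders a string value
# write; backslashes inside the quoted data are doubled.
RUN_VALUE_RE = re.compile(
    r'^(?P<key>.*\\CurrentVersion\\(?P<hive>Run|RunOnce))\\(?P<name>[^\\]+?) = "(?P<data>.*)"$',
    re.IGNORECASE,
)
# Task Scheduler 1.0 job store; anything dropped here is a scheduled task.
LEGACY_JOB_RE = re.compile(r"^[a-z]:\\windows\\tasks\\[^\\]+\.job$", re.IGNORECASE)
# Directories a standard user can write to; an autostart entry pointing here
# was planted without admin rights and is rarely legitimate software.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")


@dataclass(frozen=True)
class Finding:
    technique: str  # ATT&CK id (this example's own mapping)
    summary: str
    evidence: str
    process: str
    target: str = ""  # path the persistence entry will launch, if known


def in_user_writable_dir(path: str) -> bool:
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def classify_event(event_type: str, ioc: str, process: str):
    """Return a Finding for a persistence event, or None for anything else."""
    if event_type.startswith("Set value"):
        m = RUN_VALUE_RE.match(ioc)
        if m:
            target = m.group("data").replace("\\\\", "\\")  # undo doubled backslashes
            where = "user-writable path" if in_user_writable_dir(target) else "system path"
            return Finding(
                "T1547.001",
                f"{m.group('hive')} value {m.group('name')!r} autostarts a {where}",
                ioc, process, target,
            )
    if event_type == "File created" and LEGACY_JOB_RE.match(ioc):
        return Finding("T1053.005", "Task Scheduler 1.0 .job written to C:\\Windows\\Tasks", ioc, process)
    return None


def triage(events):
    """Classify every event, keeping the first instance of each finding."""
    findings = []
    for event_type, ioc, process in events:
        finding = classify_event(event_type, ioc, process)
        if finding and finding not in findings:
            findings.append(finding)
    return findings


def points_to_self(finding: Finding) -> bool:
    """True when the autostart target is the writing process itself, i.e. the
    sample persists its own Temp copy rather than a dropped payload."""
    if not finding.target:
        return False
    return finding.target.rsplit("\\", 1)[-1].lower() == finding.process.lower()


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        self_note = " (points at the sample itself)" if points_to_self(f) else ""
        print(f"{f.technique}: {f.summary}{self_note}\n    {f.evidence}")
```

On a live host the equivalent check is reading HKCU\Software\Microsoft\Windows\CurrentVersion\Run and listing C:\Windows\Tasks\*.job; the .job format is the legacy Task Scheduler 1.0 store, which the Windows 7 image used in this run still honours, so a GUID-named .job there deserves the same scrutiny as a Run value. Because the Run value points at the sample's own copy in Temp, removing that file alone leaves a dangling autostart entry; both the value and the .job file need to go.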
Processes
1. "C:\Users\Admin\AppData\Local\Temp\8ab6c973bc2753cfc722823f6fc9b9bc.exe" (PID 1428)
   - Adds Run key to start application
   - Drops file in Windows directory
   - Modifies Internet Explorer settings
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious behavior: GetForegroundWindowSpam
   - Suspicious use of SetWindowsHookEx